Topics:
1. backup and restore your repository data
2. create svn user/group for svnserve
3. mini-howto for 2 projects
================================================================================
1. backup and restore your repository data
subversion repositories use either the Berkeley Database system libraries,
or the FSFS database format which comes with the subversion package.
Since the BDB system libraries often introduce a new incompatible format during
version upgrade, a backup/restore of all the subversion repositories must be
performed _BEFORE_ doing such a system upgrade.
'svnadmin dump' will write the repository to stdout in a 'dumpfile' format.
This dumpfile can be loaded later with 'svnadmin load'.
2. create svn user/group for svnserve
subversion repositories can be served either via http, or via the svnserve
daemon and a special network protocol. svnserve should not run as root user.
The startup script rcsvnserve expects a user/group named 'svn', configureable
via /etc/sysconfig/svnserve.
But this user/group must be created before first use:
useradd svn
groupadd svn
3. mini-howto for 2 projects
To run a subversion server, you need to configure apache2 to load two apache2
modules: mod_dav and mod_dav_svn. (mod_dav is needed by mod_dav_svn, it is
installed together with apache2.)
This is done by adding the dav and dav_svn modules to the apache2 configuration
(a2enmod dav; a2enmod dav_svn), and restarting the server.
A default/example configuration of the dav_svn module can be found in
/etc/apache2/conf.d/subversion.conf. With more recent apache
packages, this configuration is *not* loaded automatically by
the apache server, since many people configure virtual hosts
and it is unlikely that the repositories shall be available
from any virtual host. To load the configuration for a certain
virtual host, add
Include /etc/apache2/conf.d/subversion.conf
or
Include /path/to/your_subversion_configuration
in the respective virtual host configuration. This *may* be done in the default
virtual host (/etc/apache2/default-server.conf).
Minihowto:
The plan:
host 2 source projects with subversion
both must have anonymous read access
both must have limited write access for a few users
they are accessed only via HTTP, not (!) locally
they will be reachable via:
http://hostname/repos/project1
http://hostname/repos/project2
Both will have the official version of the source tree and our modified
version for the distribution. Projects in question are:
project1
project2
The realisation:
find a machine to host the projects. Keep backup (and restore!) in mind
when hunting for hardware.
install needed packages
(you might check for update packages on
ftp://ftp.suse.com/pub/projects/apache/ )
rpm -Uvh \
apache2 \
apache2-doc \
apache2-prefork \
libapr1 \
libapr-util1 \
neon \
subversion \
subversion-doc \
subversion-server
# Update /etc/sysconfig/apache2 by
# adding 'dav dav_svn' to $APACHE_MODULES:
a2enmod dav
a2enmod dav_svn
create a few directories:
mkdir -p /srv/svn/repos
mkdir -p /srv/svn/user_access
mkdir -p /srv/svn/html
Add the http repository data to /etc/apache2/conf.d/subversion.conf:
#------------------------------------------------------------------------
#
# project related HTML files
#
<IfModule mod_alias.c>
Alias /repos "/srv/svn/html"
</IfModule>
<Directory /srv/svn/html>
Options +Indexes +Multiviews -FollowSymLinks
IndexOptions FancyIndexing \
ScanHTMLTitles \
NameWidth=* \
DescriptionWidth=* \
SuppressLastModified \
SuppressSize
order allow,deny
allow from all
</Directory>
# project repository files for project1
<Location /repos/project1>
DAV svn
SVNPath /srv/svn/repos/project1
# Limit write access to certain people
AuthType Basic
AuthName "Authorization for project1 required"
AuthUserFile /srv/svn/user_access/project1_passwdfile
AuthGroupFile /srv/svn/user_access/project1_groupfile
<LimitExcept GET PROPFIND OPTIONS REPORT>
Require group project1_committers
</LimitExcept>
# Limit read access to certain people
<Limit GET PROPFIND OPTIONS REPORT>
Require group project1_committers
Require group project1_readers
</Limit>
</Location>
# project repository files for project2
<Location /repos/project2>
DAV svn
SVNPath /srv/svn/repos/project2
# Limit write permission to list of valid users.
<LimitExcept GET PROPFIND OPTIONS REPORT>
# Require SSL connection for password protection.
# SSLRequireSSL
AuthType Basic
AuthName "Authorization for project2 required"
AuthUserFile /srv/svn/user_access/project2_passwdfile
Require valid-user
</LimitExcept>
</Location>
#------------------------------------------------------------------------
create the repositories itself:
cd /srv/svn/repos
svnadmin create project1
chown -R wwwrun:www project1/{dav,db,locks}
svnadmin create project2
chown -R wwwrun:www project2/{dav,db,locks}
The webserver must be (re)started:
rcapache2 restart
Now create the user access files:
project1 is a restricted project.
read access requires a password
write access is limited to a few users
touch /srv/svn/user_access/project1_passwdfile
chown root:www /srv/svn/user_access/project1_passwdfile
chmod 640 /srv/svn/user_access/project1_passwdfile
htpasswd2 /srv/svn/user_access/project1_passwdfile olaf
htpasswd2 /srv/svn/user_access/project1_passwdfile olh
this is the group file for project1:
/srv/svn/user_access/project1_groupfile
content:
project1_committers: olh
project1_readers: olaf olh
project2 is world readable, but only a few can commit to the sources.
touch /srv/svn/user_access/project2_passwdfile
chown root:www /srv/svn/user_access/project2_passwdfile
chmod 640 /srv/svn/user_access/project2_passwdfile
htpasswd2 /srv/svn/user_access/project2_passwdfile olaf
You should be able to connect to the server:
http://host/repos/project2
http://host/repos/project1
Now import the data, e.g.
svn import /path/to/project2-tree http://host/repos/project2